Privacy policy
At Sotiyo Lab S.L, privacy is a top priority. We are committed to protecting the personal information of everyone who trusts us and to handling their data securely, transparently, and in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Spanish Organic Law 3/2018 (LOPDGDD).
This policy explains how we collect, use, store, and protect your personal data, whether you browse our website or communicate with us through other channels.
About Us
Sotiyo Lab S.L
CIF: ESB22971758
Address: Calle Jaén 22 (local), 28020, Madrid, Spain
Contact email: privacy@sotiyo.co
Website: https://www.sotiyo.co
Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy. We are a company dedicated to design products and direct online sales of our products. We act as the data controller for the personal data collected through our digital and communication channels.
What do we mean by “personal data”?
Personal data refers to any information that can identify you, directly or indirectly. Examples include your name, email address, phone number, postal address, company, IP address, and cookies associated with your browsing.
What information do we collect?
We may collect different types of information depending on your interaction with us:
Information you provide directly:
Contact details including your name, address, billing address, shipping address, phone number, Company or position (if applicable) and email address.
Financial information including credit card, debit card, and financial account numbers, payment card information, financial account information, transaction details, form of payment, payment confirmation and other payment details.
Account information including your username, password, security questions, preferences and settings.
Transaction information including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel and your past transactions.
Communications with us including the information you include in communications with us, for example, when sending a customer support inquiry.
Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers.
Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.
Examples: subscribing to our newsletter, filling out a form, emailing us, or participating in an event.
Information collected automatically:
- IP address and connection data
- Browser and device used
- Pages visited, clicks, session duration
- Source of the visit (e.g., social media or ads)
- Cookie data (see our Cookie Policy)
These data help us improve user experience and optimize our website.
How do we collect your data?
Directly from you: when you purchase, subscribe, write to us, participate in recruitment, request assistance, download content, or otherwise provide us with your personal information;
Automatically: through cookies and analytics tools while browsing our website and similar technologies;.
From legitimate third parties: marketing platforms, events, or professional networks, always respecting GDPR, including when we engage them to enable certain technology and when they collect or process your personal information on our behalf;
Providing this information is voluntary; however, some website features or services may be unavailable if you choose not to provide it.
How do we use your data?
We process personal data only when there is a valid legal basis, such as:
To fulfill your orders.
When we have a legitimate interest and your rights do not override it.
To comply with legal obligations.
When you give explicit consent.
Primarily, we use your data to manage orders and maintain our relationship with you, for example, responding to product inquiries, returns, or warranties. Depending on how you interact with us or which of the Services you use, we may use personal information to:
- Contact you: to provide information about changes on our website, policies, promotions, or studies, according to your preferences.
- Provide support: answer questions about products or services and handle claims. We use your personal information to provide you with the Services, including to perform our contract with you, to process your payments, to fulfill your orders, to remember your preferences and items you are interested in, to send notifications to you related to your account, to process purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, to facilitate any returns and exchanges, to enable you to post reviews, and to create a customized shopping experience for you, such as recommending products related to your purchases. This may include using your personal information to better tailor and improve the Services.
- Improve our website: analyze usage data to understand user interaction, optimize experience, and personalize content by location or language. This information remains anonymous unless you consent otherwise.
- Protect you: detect and prevent platform fraud. We use your personal information to authenticate your account, to provide a secure payment and shopping experience, detect, investigate or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and to secure our services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password or other access details with anyone else.
- Deliver relevant advertising: via remarketing, showing ads on third-party platforms (Google, Meta, etc.) only if you accept cookies. You can manage your preferences at our cookie and privacy preferences in the footer of the site.
- Analyze and generate reports: anonymized and aggregated data for studies and statistics, which may be shared with third parties without identifying you.
- Legal Reasons. We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies.
- Marketing and Advertising. We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you online advertisements for products or services on the Services or other websites, including based on items you previously have purchased or added to your cart and other activity on the Services.
How long do we keep your data?
We retain your data only as long as necessary for the purposes it was collected:
- Commercial communications: until you withdraw consent.
- Customer and order management: during the contractual relationship and legally required periods.
- Browsing data (cookies): as indicated in our Cookie Policy.
Once the retention period expires, data is securely deleted or anonymized.
Who do we share your data with?
We only share personal data with third parties necessary to provide our services, all under confidentiality agreements and GDPR compliance.
In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. We never sell, rent, or trade your personal data for commercial purposes. Such circumstances may include:
- With Technology providers (Shopify, Google Workspace, etc.), vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping, or Web support or maintenance providers).
- With business and analytics and marketing services (Google Analytics, Meta, etc.) partners to provide marketing services and advertise to you. For example, we use Shopify to support personalized advertising with third-party services based on your online activity with different merchants and websites. Our business and marketing partners will use your information in accordance with their own privacy notices. Depending on where you reside, you may have a right to direct us not to share information about you to show you targeted advertisements and marketing based on your online activity with different merchants and websites. You can exercise your rights to opt-out of those uses here .
- When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.
- With our affiliates or otherwise within our corporate group.
- In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.
Children's Data
The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of majority in your jurisdiction. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted. As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.
Relationship with Shopify
The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy . Depending on where you live, you may exercise certain rights with respect to your personal information here Shopify Privacy Portal Link.
Your rights
If you are a European resident, you have the right to access, correct, update, or delete your personal data. To exercise these rights, contact us using the details below. We process your data to fulfill contracts with you (e.g., when you place an order) or for our legitimate interests described in this policy. Your information is not transferred outside Europe; our servers are located within the EU.
Data retention When you place an order or share your data, we retain your order information for our records until you request deletion. How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide you with Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.
Data storage
Data is stored on secure platforms and may sometimes be processed outside the European Economic Area or the United Kingdom. In such cases, we require the provider to guarantee an equivalent level of protection via standard contractual clauses or EU-approved frameworks (e.g., EU–U.S. Data Privacy Framework).
Full control over your dataTo exercise these rights, write to privacy@sotiyo.co with your request and a document verifying your identity. You can also file a complaint with the Spanish Data Protection Agency (AEPD). You can at any time:
- Access your personal data
- Request correction or deletion
- Limit or object to processing
- Withdraw consent
- Request data portability
“Do Not Track” signals
Please note that we do not change our data collection or usage practices in response to a “Do Not Track” signal from your browser.
Security
We implement technical and organizational measures to protect your data against unauthorized access, loss, or improper disclosure, including: SSL encryption, encrypted passwords, limited access policies, and secure backups. Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.
Policy Updates
We may update this Privacy Policy as needed (due to legal changes or process improvements). The latest version will always be available on this page, showing the last update date.
Last updated: 1 January 2026
Contact
Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please email us at privacy@sotiyo.co or contact us - c/o Sotiyo Lab S.L at Calle de Jaén 22, Madrid, 28020, Spain.
For the purpose of applicable data protection laws, we are the data controller of your personal information.